Vulnerabilities in EFI firmware based on the InsydeH2O framework allow code execution at the SMM level.

In the InsydeH2O framework, which many manufacturers use to build the UEFI firmware for their devices (the most widely deployed UEFI BIOS implementation), 23 vulnerabilities were identified that allow code to be executed at the SMM (System Management Mode) level. SMM runs with higher privileges (Ring -2) than hypervisor mode and protection ring zero, and has unrestricted access to all memory. The issue affects UEFI firmware used by manufacturers such as Fujitsu, Siemens, Dell, HP, HPE, Lenovo, Microsoft, Intel and Bull Atos.

Exploiting the vulnerabilities requires local access with administrator privileges, which makes them second-stage vulnerabilities, used after other vulnerabilities in the system have already been exploited or after social engineering. Access at the SMM level allows code to run at a level the operating system does not control. This can be used to modify the firmware and plant hidden malicious code or rootkits in SPI Flash that the operating system cannot see, to disable boot-stage verification (UEFI Secure Boot, Intel BootGuard), and to attack hypervisors in order to bypass the mechanisms that check the integrity of virtualized environments.


The vulnerabilities can be exploited from the operating system through SMI (System Management Interrupt) handlers that do not validate their input, as well as before the operating system runs, during the early boot stages or on return from sleep mode. All of the vulnerabilities are caused by memory-safety problems and fall into three categories:

  • SMM Callout - execution of attacker-controlled code with SMM privileges by redirecting the execution of SWSMI interrupt handlers to code located outside SMRAM;
  • Memory corruption that allows an attacker to write their own data into SMRAM, the special isolated memory region in which code runs with SMM privileges;
  • Memory corruption in code running at the DXE (Driver eXecution Environment) level.
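The second category above comes down to an SMI handler trusting an address that the caller (ring 0) passed in a communication buffer. The standard defence is for the handler to refuse any buffer that overlaps SMRAM before touching it. The following is an added illustration, not code from InsydeH2O, from the advisory, or from any real firmware: it simulates a handler with and without that check. The SMRAM window, the buffer layout, the status codes and all request values are constructed here; in EDK2-based firmware the equivalent check is done with the library routine SmmIsBufferOutsideSmmValid().

```c
/*
 * Added illustration (not firmware code): a simulated SMI handler that
 * receives a caller-supplied "communication buffer" and the check a
 * defender expects before the handler trusts the address in it.
 * All addresses and sizes below are constructed for the example.
 */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed SMRAM window (hypothetical placement and size). */
#define SMRAM_BASE 0x7F000000ULL
#define SMRAM_SIZE 0x00100000ULL   /* 1 MiB */

/* Constructed layout of the caller-supplied communication buffer. */
typedef struct {
    uint64_t dest;    /* address the caller asks the handler to write to */
    uint32_t length;  /* number of bytes */
} CommBuffer;

typedef enum { SMI_OK = 0, SMI_REJECTED = 1 } SmiStatus;

/*
 * True only if [addr, addr+len) lies entirely outside SMRAM. Two edge
 * cases a naive check gets wrong are handled explicitly: a zero-length
 * request (nothing legitimate to do) and an addr+len that wraps around
 * the 64-bit address space (which would make "end" look small).
 */
bool buffer_outside_smram(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return false;
    if (len > UINT64_MAX - addr)          /* addr + len would overflow */
        return false;
    uint64_t end = addr + len;            /* exclusive */
    uint64_t smram_end = SMRAM_BASE + SMRAM_SIZE;
    /* Two half-open ranges overlap iff each starts before the other ends. */
    bool overlaps = (addr < smram_end) && (end > SMRAM_BASE);
    return !overlaps;
}

/* Naive handler: trusts the caller's pointer. Writing through it would let
 * ring-0 code overwrite SMRAM. Here it only reports the address it would use. */
SmiStatus handle_smi_naive(const CommBuffer *cb, uint64_t *target)
{
    *target = cb->dest;
    return SMI_OK;
}

/* Hardened handler: validates the range first and refuses anything that
 * touches SMRAM or is malformed. */
SmiStatus handle_smi_hardened(const CommBuffer *cb, uint64_t *target)
{
    *target = 0;
    if (!buffer_outside_smram(cb->dest, cb->length))
        return SMI_REJECTED;
    *target = cb->dest;
    return SMI_OK;
}

/* Convenience wrappers so a request can be checked with one call. */
SmiStatus check_naive(uint64_t dest, uint32_t len)
{
    CommBuffer cb = { dest, len };
    uint64_t t;
    return handle_smi_naive(&cb, &t);
}

SmiStatus check_hardened(uint64_t dest, uint32_t len)
{
    CommBuffer cb = { dest, len };
    uint64_t t;
    return handle_smi_hardened(&cb, &t);
}

int main(void)
{
    /* Constructed requests: one normal, one aimed into SMRAM,
     * one straddling the SMRAM boundary, one that wraps the address space. */
    struct { const char *name; uint64_t dest; uint32_t len; } reqs[] = {
        { "normal RAM",        0x00100000ULL,          64 },
        { "inside SMRAM",      SMRAM_BASE + 0x10,      64 },
        { "straddles start",   SMRAM_BASE - 8,         16 },
        { "wraps address space", UINT64_MAX - 4,       16 },
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        printf("%-20s naive=%s hardened=%s\n", reqs[i].name,
               check_naive(reqs[i].dest, reqs[i].len) == SMI_OK ? "accept" : "reject",
               check_hardened(reqs[i].dest, reqs[i].len) == SMI_OK ? "accept" : "reject");
    }
    return 0;
}
```

The overlap test is written over half-open ranges so that a request ending exactly at SMRAM_BASE is accepted and one starting exactly at the end of SMRAM is accepted, while anything sharing even one byte with the window is refused; the overflow guard matters because an attacker-chosen length can otherwise make the computed end address wrap below the start.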

To demonstrate how such an attack is organized, an example exploit was published that, by attacking from the third or the zero protection ring, gains access to the DXE Runtime UEFI environment and executes the attacker's own code. The exploit uses a stack overflow (CVE-2021-42059) in a UEFI DXE driver. During the attack, the attacker can install their code into the DXE driver, where it remains active after the operating system is restarted, or make changes to the NVRAM area of SPI Flash. Once running, the attacker's code can modify privileged memory regions, alter EFI Runtime services, and interfere with the boot process.

Source: opennet.ru
